Sonic Sonic - 1 month ago 7
C Question

RegOpenCurrentUser(KEY_WRITE) on newly created user

After i successfully create a new user, add user to built-in admins group, i would like to edit the newly created user's registry (this program is an elevated-as-admin program). I called

NetUserAdd()
,
NetLocalGroupAddMembers()
,
LogonUser()
, and then, finally
LoadUserProfile()
so the user's directory exists.

Excuse the sloppy code, but this is what I am doing after that:

DuplicateTokenEx(hToken,TOKEN_ALL_ACCESS,&sa,SecurityImpersonation,TokenPrimary,&hNewToken);
ImpersonateLoggedOnUser(hNewToken);

HKEY hKey;
LSTATUS stat = RegOpenCurrentUser(KEY_READ|KEY_WRITE, &hKey);
// stat is 5 (ACCESS_DENIED) when KEY_WRITE is added, it
// returns 0 (ERROR_SUCCESS) when it's just KEY_READ

RegCloseKey(hKey);
RevertToSelf();

CloseHandle(hNewToken);


The error is on the
RegOpenCurrentUser()
line. It errors out when I ask to write to that user's HKU registry. It works perfectly fine if I use just
KEY_READ


Is this even possible what I am trying to do? Is the user's registry hive even created yet? Or does the user have to physically sign on to create it?

Ultimately what i would want to do is create GPO's for the new user.

Answer

If you already have the user profile loaded with LoadUserProfile(), you don't really need to use RegOpenCurrentUser() at all. You can instead use the hProfile field of the PROFILEINFO that LoadUserProfile() returns:

hProfile
Type: HANDLE

A handle to the HKEY_CURRENT_USER registry subtree.

...

When the LoadUserProfile call returns successfully, the hProfile member receives a registry key handle opened to the root of the user's subtree, opened with full access (KEY_ALL_ACCESS).

Comments